Hacker-compromised legit Web sites now pose gravest danger

The number of genuine Web sites compromised by hackers has increased and for the first time surpasses that of malicious Web sites purposefully created by cyber criminals, according to a report by Websense Security Labs.

Websense Security Labs is the research arm of Websense Inc., a vendor of content filtering products based in San Diego, Calif.

It investigates and reports on advanced Internet threats and publishes findings to security partners, vendors, media outlets, military and other organizations.

The steady increase in the number of compromised sites – which hackers now use even more than their own created sites – has grim implications for Internet users, Websense researchers suggest.

Today visiting only trusted sites is no longer a guarantee of safety, they say.

“More and more, attackers are compromising legitimate Web sites to infect visitors with information-stealing code or to add users’ machines to botnets,” said Dan Hubbard, vice-president of security research, Websense.

Compromising sites with generally good reputations – and sites with a dedicated membership or group of visitors – coupled with more effective and targeted e-mail lures, can increase the success rate of attacks, according to the Websense report.

It cited the attack launched within the United Nations’ HIV/AIDS Asia Pacific portal on August 27, 2007, as exemplifying how attackers compromise legitimate Web sites in an attempt to elevate the infection rate.

In this case, when visitors opened the UN Web site, unprotected users inadvertently downloaded a Trojan horse that infected their computers with malicious code.

Victims then became unknowing participants in a larger bot network that attackers could potentially use for future malicious attacks.

For businesses this development poses a huge risk, the report says, as conventional security measures are not designed to handle such attacks, which use sophisticated techniques such as spoofing search engine results to drive traffic to infected sites.

Hubbard predicts attackers will also take advantage of Web 2.0 applications and user-generated content to create even bigger security concerns for organizations.

We had evidence of this last September in the “Phast Phlux Phishing” attack on MySpace, the popular social networking site.

Several visitors to the site were affected by this attack, with their confidential user login credentials being stolen and used for malicious purposes.

The modus operandi in that attack was to steal the victims’ MySpace profiles and use them to spread the attack virally through “friends lists.”

Although the malicious domain originated in China, the hosts were most likely the compromised desktops of casual Web surfers who were unwilling participants in this orchestrated attack.

In addition to Web 2.0 attacks, event-based cyber assaults were on the rise in the second half of 2007, the report noted.

It cited the Trick-or-treating Trojan horse attack launched last Halloween, which featured an information-stealing Trojan horse in the form of a Yahoo! Halloween greeting card that attackers released two days before the holiday.

“Attackers tricked users without adequate Web security protection into downloading malicious code designed to steal sensitive financial information, including passwords, credit cards and online banking information.”
